Reestablishing Trust Between a Workstation and Domain When the Local Administrator account is Disabled

Disclaimer: Circumventing windows security should NOT be taken lightly, and should only be used by an authorized person as a last resort in the course of recovery or repair. Mumbo Jumbo aside, remember that YOU ALONE are responsible for your own actions, so be sure that you know what you're doing before making any changes!

From time to time, a workstation (usually a laptop) becomes disjoined from your domain, and starts throwing the following error:

"The trust relationship between this workstation and the primary domain failed."

When this happens, any attempt to login using a domain user account will fail. The traditional fix goes something like this:

Log in using a Local Administrator Account

Swap the domain membership to a workgroup (e.g. TEMP)

Reboot and log back in (Local Administrator Account)

Change the workgroup back to the domain

But what if the local user account is disabled, you've forgotten the password or someone changed it? That's where Hiren's Boot CD comes in!

If you're not familiar with Hiren's Boot CD, you're missing out on a wealth of tools that can you help you recover data, clear viruses, and even reset passwords! In this scenario, we're going to use the Offline NT Password Changer.

Insert Hiren's Boot CD and boot from your optical drive

Navigate to the Offline NT/2000/XP/Vista/7 Password Changer

Next, select the partition where Windows is installed (usually C:\)

Verify that you're using the correct Registry Path (usually Windows/system32/config)

At this point, you can elect to enable disabled accounts (if the local Administrator account is diabled) and/or change the password. In either case, you'll need to enter the username you'd like to edit - I would recommend a default user account (e.g. Administrator)

When done, press ! to quit the editor, followed by Y to confirm your changes

Remove Hiren's Boot CD and reboot

I hope this helps someone! Feel free to post your comments or questions.

Disclaimer: Blog contents express the viewpoints of their independent authors and
are not reviewed for correctness or accuracy by
Toolbox for IT. Any opinions, comments, solutions or other commentary
expressed by blog authors are not endorsed or recommended by
Toolbox for IT
or any vendor. If you feel a blog entry is inappropriate,
click here to notify
Toolbox for IT.